[squid-users] sslbump working with 3.4.9 but not in intercept mode?

Jason Haar Jason_Haar at trimble.com
Mon Nov 10 10:26:43 UTC 2014


On 10/11/14 23:02, Amos Jeffries wrote:
> > acl SSL_nonHTTPS_sites dstdom_regex "/etc/squid/SSL_nonHTTPS_sites.txt"
> > acl SSL_noIntercept_sites dstdom_regex "/etc/squid/SSL_noIntercept_sites.txt"
> > ssl_bump none SSL_nonHTTPS_sites
> > ssl_bump none SSL_noIntercept_sites
> > ssl_bump server-first all
>
> The TCP forwarding behaviour occurs when your "ssl_bump none" rules
> match the IP address of the intercepted tcp/443 traffic.
>
> So it comes down to what your regex files contain and what TCP dst-IPs
> your Squid is processing. Both of the details you have elided from
> your description.
>

Ha! You're dead right. I had "^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$" in
SSL_nonHTTPS_sites.txt so that Skype could work (Skype will auto-detect
proxies if needed and uses CONNECT statements to peer IP addresses
instead of hostnames). So that whitelisted the bumps!

I've commented out the SSL_nonHTTPS_sites rule and now it's broken
HTTPS altogether. Now "telnet 1.2.3.4 443" connects and immediately
drops. cache.log shows squid crashing and restarting. If I comment out
"https_port", the crashing stops, so it looks like my config is OK for
"normal" proxy-bumping, but something is wrong for intercept. (This is a
CentOS-6 box, self-compiled 3.4.9.)

2014/11/10 23:20:43 kid1| Closing HTTP port 0.0.0.0:3126
2014/11/10 23:20:43 kid1| Closing HTTP port 0.0.0.0:3129
2014/11/10 23:20:43 kid1| Closing HTTPS port 0.0.0.0:3127
FATAL: xstrdup: tried to dup a NULL pointer!

Squid Cache (Version 3.4.9): Terminated abnormally.
CPU Usage: 0.077 seconds = 0.049 user + 0.028 sys
Maximum Resident Size: 71088 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
    total space in arena:    9332 KB
    Ordinary blocks:         9264 KB      6 blks
    Small blocks:               0 KB      1 blks
    Holding blocks:         10068 KB      6 blks
    Free Small blocks:          0 KB
    Free Ordinary blocks:      67 KB
    Total in use:           19332 KB 207%
    Total free:                67 KB 1%
2014/11/10 23:20:43 kid1| storeDirWriteCleanLogs: Starting...
2014/11/10 23:20:43 kid1|   Finished.  Wrote 9466 entries.
2014/11/10 23:20:43 kid1|   Took 0.01 seconds (732549.14 entries/sec).
2014/11/10 23:20:46 kid1| Set Current Directory to /var/spool/squid
2014/11/10 23:20:46 kid1| Starting Squid Cache version 3.4.9 for x86_64-redhat-linux-gnu...



-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
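
Added example, not part of the original message and not Squid code: a small audit that flags `dstdom_regex` patterns matching bare IP addresses and replays the quoted `ssl_bump` rule order against a hostname and an intercepted destination IP. The pattern-file contents other than the IP regex quoted in the post, the probe addresses, and the helper names are constructed for illustration; Python's `re` is assumed to behave like Squid's regex engine for these simple patterns.

```python
import re

# Constructed pattern files. The IP-literal regex is the one quoted in the
# post; the SSL_noIntercept_sites entry is a made-up placeholder.
ACL_FILES = {
    "SSL_nonHTTPS_sites": r"""# Skype peers (CONNECT to raw IPs)
^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
""",
    "SSL_noIntercept_sites": r"""\.example\.com$
""",
}
# ssl_bump rules in the order given in the quoted config.
RULES = [("none", "SSL_nonHTTPS_sites"),
         ("none", "SSL_noIntercept_sites"),
         ("server-first", "all")]
# Constructed probes: what an intercepted tcp/443 connection offers the ACL.
PROBE_IPS = ["1.2.3.4", "192.0.2.10", "203.0.113.254"]

def load_patterns(text):
    """Patterns from a file body; blank and '#' lines skipped (assumed)."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

ACLS = {name: load_patterns(body) for name, body in ACL_FILES.items()}

def patterns_matching_ips(patterns, probes=PROBE_IPS):
    """Return {pattern: [probe IPs it matches]} for patterns that hit a raw IP."""
    hits = {}
    for pat in patterns:
        # Assumption: Python's re behaves like Squid's regex for these patterns.
        matched = [ip for ip in probes if re.search(pat, ip)]
        if matched:
            hits[pat] = matched
    return hits

def first_match(dst, rules=RULES, acls=ACLS):
    """First-match evaluation of ssl_bump rules against one destination string."""
    for action, acl in rules:
        if acl == "all" or any(re.search(p, dst) for p in acls[acl]):
            return action
    return None

if __name__ == "__main__":
    for name, pats in ACLS.items():
        for pat, ips in patterns_matching_ips(pats).items():
            print(f"{name}: {pat!r} matches raw IPs {ips}")
    for dst in ("www.example.org", "1.2.3.4"):
        print(f"{dst} -> ssl_bump {first_match(dst)}")
```

Any pattern this reports will exempt every intercepted connection from bumping, because the destination IP is the only name available to the ACL at that point.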
